Enterprise GitHub using Personal Tokens #251
Conversation
Update GitServerPublic.swift to call BuildasaurxcodeprojKeys instead.
Add .EnterpriseGitHub to GitService enum. Change GitService to use an associated value for .EnterpriseGitHub's host. Get the enterprise server's host from the git repo in the keychain. Add and use GitService.type() because the new version of GitService breaks things like "==" and using the rawValue as a dictionary key. Assert that OAuth client/secret will not be use for Enterprise GitHub. Fail horribly if someone tries. Add a couple of EnterpriseGitHubTests that are commented out because they fail without a repo to contact. Replaced hardcoded strings in WorkspaceMetadata with calls to GitService.foo.hostname(). Move some ProjectViewController.ConfigEditViewController logic into the switch statement because the code had assumed anything other than .BitBucket was .GitHub. Also switch BuildasaurxcodeprojKeys back to BuildasaurKeys to be consistent with master.
|
The "Fix this" commit has been backed out as part of the "Implement" commit. I don't know why Github insists there is a conflict. |
| @@ -41,6 +53,7 @@ public enum GitService: String { | |||
| public func authorizeUrl() -> String { | |||
| switch self { | |||
| case .GitHub: return "https:/login/oauth/authorize" | |||
| case .EnterpriseGitHub: return "https://\(hostname())/login/oauth/authorize" | |||
There was a problem hiding this comment.
I think we should have an assert here as well, since we don't support GitHub Enterprise OAuth yet.
|
Can you please merge master into your branch again? At the moment it can't be merged. As I didn't manage to get a local GitHub Enterprise to run locally (even though I have a license), I'll rely on you testing it before we merge it. I won't have a chance to verify it. |
Update GitServerPublic.swift to call BuildasaurxcodeprojKeys instead.
Add .EnterpriseGitHub to GitService enum. Change GitService to use an associated value for .EnterpriseGitHub's host. Get the enterprise server's host from the git repo in the keychain. Add and use GitService.type() because the new version of GitService breaks things like "==" and using the rawValue as a dictionary key. Assert that OAuth client/secret will not be use for Enterprise GitHub. Fail horribly if someone tries. Add a couple of EnterpriseGitHubTests that are commented out because they fail without a repo to contact. Replaced hardcoded strings in WorkspaceMetadata with calls to GitService.foo.hostname(). Move some ProjectViewController.ConfigEditViewController logic into the switch statement because the code had assumed anything other than .BitBucket was .GitHub. Also switch BuildasaurxcodeprojKeys back to BuildasaurKeys to be consistent with master.
|
I still get build errors from master, but here's a merged version for you. |
|
Merged. On Wed, Mar 9, 2016 at 11:45 AM, Honza Dvorsky [email protected]
|
| <dependencies> | ||
| <deployment identifier="macosx"/> | ||
| <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="10089"/> | ||
| <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="10109"/> |
There was a problem hiding this comment.
Can you please revert these changes, since you didn't change anything I'd prefer to not have a diff here.
…rver in ProjectAuthenticator.fromString. Add tests for ProjectAuthenticator.fromString.
|
I tried to use @rcaileff 's branch on our GH Enterprise instance and it failed due to the ldap authentication we use. When you point the tool to the GH API URL it always gets redirected to the LDAP authentication HTML page through which you have to go before getting into GH. This issue would have been avoided if SSH keys (Deploy keys) authentication was used. Since this is a server-server authentication it makes much sense not to use Personal Tokens but Deploy keys instead. |
| @@ -69,4 +73,16 @@ extension ProjectAuthenticator: KeychainStringSerializable { | |||
| self.secret | |||
| ].joinWithSeparator(":") | |||
| } | |||
|
|
|||
| internal static func createEnterpriseService(host: String) -> GitService? { | |||
| guard let url = NSURL.init(string: "http://\(host)") else { return nil } | |||
There was a problem hiding this comment.
You can just do NSURL(string: ...).
|
@fotiDim Deploy keys are not yet supported, if you'd like to see support for them in Buildasaur, please create a separate ticket. I agree it would be nice to support them :) We just need to approach these changes in as small steps as possible to ensure everything keeps working. Regarding this PR, @rcaileff do you understand the issue @fotiDim is having? Unfortunately I don't have a Enterprise server I would have access to, so I can't chime in here. On that note, would either of you be able to create a test repo on your Enterprise server and give me access (if it's accessible from the outside network)? It would greatly help me to get involved with these Enterprise features, being able to test them and develop more features for them. |
|
I partially understand the problem @fotiDim is having. Buildasaur comments @czechboy0 Unfortunately, I can't give you access to the corporate servers. On Thu, Mar 17, 2016 at 12:59 PM, Honza Dvorsky [email protected]
|
|
What I did to solve the first (comments coming in under my personal user) is that I created a separate GitHub account (@buildasaur) whose Personal Tokens I use (after adding it as a collaborator), so that the comments are clearly coming from a CI bot. I recommend you do the same, creating a new GitHub account takes a couple of minutes and the workflow is much nicer then. I understand it's tricky, I was just asking whether there isn't a way to create one test repository to which I'd have access, I didn't want access to the complete server of course. But if it's impossible there's nothing we can do. |
|
I did eventually get a separate account to tie to the comments, but because On Thu, Mar 17, 2016 at 1:11 PM, Honza Dvorsky [email protected]
|
|
@czechboy0 unfortunately I cannot give you access to our GitHub enterprise instance as it is accessible only in our intranet. I will be happy to test things for though so just ping me when you need sth. I am still working on the SSH authentication issue and I hope I will have fixed it soon. |
|
@ Navideck-fotis How is the SSH authentication issue going? |
|
@rcaileff Hi there. Our internal IT department has failed me. They provided no solution. We settled using a more simple workflow without the benefits of Buildasaur. However our GitHub Server is accessible from the internet now so I might be able to setup an account and a repo for you. |
|
@Navideck-fotis 🎉 |
|
@rcaileff It looks like other PRs have made master conflict with your branch. Could you merge master into your branch, resolve conflicts and get this branch up to date? I'll be happy to merge it once we know it's working! 😊 |
Refactor createEnterpriseService into GitService and use it in WorkspaceMetadata.swift so parse has a basic check for whether the potential enterprise git server exists. Log the error when createEnterpriseService catches. Dry up TODO comments in enterprise github tests. Add tests for createEnterpriseService and make tryEndpoint more robust. Fix EnterpriseGitHubSourceTests.swift tests to match GitHubServerTests.swift changes. Fix a now-broken GitService comparison in a test helper.
|
@czechboy0 I've merged in master and made some minor updates. I have not removed the rate-limitation requirement from the server headers or otherwise tried to handle misconfigured servers. |
|
Cool, does this work for you locally? Can anyone else please try to run this with a GitHub Enterprise server for a day and report that everything went well please? Unfortunately I can't test it myself :( But thanks @rcaileff, this is great stuff, once we're sure it all works I'll merge it in 🎉 |
|
@czechboy0 There are a couple of changes I have to make locally because we also have a misconfigured server... but other than that it works for me. If there's someone out there who can test it on a different system, that would be awesome. |
|
Merged master back into the branch to resolve conflicts so that the PR is once again able to be merged. Have you had any luck finding someone who can test this? It'd be nice to get it merged into master so I can stop fixing conflicts. 😄 |
|
Sorry about that, unfortunately it's a large enough change that I don't feel comfortable merging it unless someone is able to give it a good test. If I had access to an enterprise server I could do it myself, however that's not the case right now :( |
|
I will give it another go internally. If there is any update I will let you know. |
|
I am also interested in this feature and will do some testing |
|
@fotiDim were you able to get past the ldap authentication page issue? |
|
So I was able to get up and running with a couple small changes to the code. |
|
@sambae good to hear that you got it working. We don't use ldap but active directory and with SAML authentication in the front. I am still waiting for feedback internally. |
GitHub Enterprise Support #99 version 2.
I haven't updated my team's server to use this version because I don't want to disrupt our existing CI. I did test this out on my laptop as far as the BuildTemplate selection step. I had to use a hardcoded change to a string value in GitServerFactory.swift because of a quirk in our environment; I don't know if other users will have a similar problem.